Include an ability to change the default client id (#238736)

Include an ability to change the client id So our migration is easy to test
microsoft · Jan 25, 2025 · a9ce0b5 · a9ce0b5
1 parent be7d0e0
commit a9ce0b5
Show file tree

Hide file tree

Showing 4 changed files with 46 additions and 6 deletions.
diff --git a/extensions/microsoft-authentication/package.json b/extensions/microsoft-authentication/package.json
@@ -115,6 +115,23 @@
             "tags": [
               "onExP"
             ]
+          },
+          "microsoft-authentication.clientIdVersion": {
+            "type": "string",
+            "default": "v1",
+            "enum": [
+              "v2",
+              "v1"
+            ],
+            "enumDescriptions": [
+              "%microsoft-authentication.clientIdVersion.enumDescriptions.v2%",
+              "%microsoft-authentication.clientIdVersion.enumDescriptions.v1%"
+            ],
+            "markdownDescription": "%microsoft-authentication.clientIdVersion.description%",
+            "tags": [
+              "onExP",
+              "experimental"
+            ]
           }
         }
       }

diff --git a/extensions/microsoft-authentication/package.nls.json b/extensions/microsoft-authentication/package.nls.json
@@ -12,6 +12,9 @@
 	},
 	"microsoft-authentication.implementation.enumDescriptions.msal": "Use the Microsoft Authentication Library (MSAL) to sign in with a Microsoft account.",
 	"microsoft-authentication.implementation.enumDescriptions.classic": "(deprecated) Use the classic authentication flow to sign in with a Microsoft account.",
+	"microsoft-authentication.clientIdVersion.description": "The version of the Microsoft Account client ID to use for signing in with a Microsoft account. Only change this if you have been asked to. The default is `v1`.",
+	"microsoft-authentication.clientIdVersion.enumDescriptions.v1": "Use the v1 Microsoft Account client ID to sign in with a Microsoft account.",
+	"microsoft-authentication.clientIdVersion.enumDescriptions.v2": "Use the v2 Microsoft Account client ID to sign in with a Microsoft account.",
 	"microsoft-sovereign-cloud.environment.description": {
 		"message": "The Sovereign Cloud to use for authentication. If you select `custom`, you must also set the `#microsoft-sovereign-cloud.customEnvironment#` setting.",
 		"comment": [

diff --git a/extensions/microsoft-authentication/src/common/scopeData.ts b/extensions/microsoft-authentication/src/common/scopeData.ts
@@ -3,14 +3,21 @@
  *  Licensed under the MIT License. See License.txt in the project root for license information.
  *--------------------------------------------------------------------------------------------*/
 
-const DEFAULT_CLIENT_ID = 'aebc6443-996d-45c2-90f0-388ff96faa56';
-const DEFAULT_TENANT = 'organizations';
+import { workspace } from 'vscode';
+
+const DEFAULT_CLIENT_ID_V1 = 'aebc6443-996d-45c2-90f0-388ff96faa56';
+const DEFAULT_TENANT_V1 = 'organizations';
+const DEFAULT_CLIENT_ID_V2 = 'c27c220f-ce2f-4904-927d-333864217eeb';
+const DEFAULT_TENANT_V2 = 'common';
 
 const OIDC_SCOPES = ['openid', 'email', 'profile', 'offline_access'];
 const GRAPH_TACK_ON_SCOPE = 'User.Read';
 
 export class ScopeData {
 
+	private readonly _defaultClientId: string;
+	private readonly _defaultTenant: string;
+
 	/**
 	 * The full list of scopes including:
 	 * * the original scopes passed to the constructor
@@ -40,6 +47,14 @@ export class ScopeData {
 	readonly tenant: string;
 
 	constructor(readonly originalScopes: readonly string[] = []) {
+		if (workspace.getConfiguration('microsoft-authentication').get<'v1' | 'v2'>('clientIdVersion') === 'v2') {
+			this._defaultClientId = DEFAULT_CLIENT_ID_V2;
+			this._defaultTenant = DEFAULT_TENANT_V2;
+		} else {
+			this._defaultClientId = DEFAULT_CLIENT_ID_V1;
+			this._defaultTenant = DEFAULT_TENANT_V1;
+		}
+
 		const modifiedScopes = [...originalScopes];
 		modifiedScopes.sort();
 		this.allScopes = modifiedScopes;
@@ -55,7 +70,7 @@ export class ScopeData {
 				return current.split('VSCODE_CLIENT_ID:')[1];
 			}
 			return prev;
-		}, undefined) ?? DEFAULT_CLIENT_ID;
+		}, undefined) ?? this._defaultClientId;
 	}
 
 	private getTenantId(scopes: string[]) {
@@ -64,7 +79,7 @@ export class ScopeData {
 				return current.split('VSCODE_TENANT:')[1];
 			}
 			return prev;
-		}, undefined) ?? DEFAULT_TENANT;
+		}, undefined) ?? this._defaultTenant;
 	}
 
 	private getScopesToSend(scopes: string[]) {

diff --git a/extensions/microsoft-authentication/src/extension.ts b/extensions/microsoft-authentication/src/extension.ts
@@ -38,8 +38,8 @@ function shouldUseMsal(expService: IExperimentationService): boolean {
 	// If no setting or experiment value is found, default to true
 	return true;
 }
-let useMsal: boolean | undefined;
 
+let useMsal: boolean | undefined;
 export async function activate(context: ExtensionContext) {
 	const mainTelemetryReporter = new MicrosoftAuthenticationTelemetryReporter(context.extension.packageJSON.aiKey);
 	const expService = await createExperimentationService(
@@ -48,9 +48,14 @@ export async function activate(context: ExtensionContext) {
 		env.uriScheme !== 'vscode', // isPreRelease
 	);
 	useMsal = shouldUseMsal(expService);
+	const clientIdVersion = workspace.getConfiguration('microsoft-authentication').get<'v1' | 'v2'>('clientIdVersion', 'v1');
 
 	context.subscriptions.push(workspace.onDidChangeConfiguration(async e => {
-		if (!e.affectsConfiguration('microsoft-authentication.implementation') || useMsal === shouldUseMsal(expService)) {
+		if (!e.affectsConfiguration('microsoft-authentication')) {
+			return;
+		}
+
+		if (useMsal === shouldUseMsal(expService) && clientIdVersion === workspace.getConfiguration('microsoft-authentication').get<'v1' | 'v2'>('clientIdVersion', 'v1')) {
 			return;
 		}